CLAIMS

1. A method of controlling usage of network resources of a communications network by a
user beyond a network device of the communications network that serves as the user's entry 
point to the communications network, the method comprising acts of: 

(A) configuring a port module of the network device with one or more packet rules 
corresponding to an identity of the user; 

(B) receiving a packet from a device used by the user at the port module; and 

(C) before using any of the network resources beyond the network device, applying the 
one or more packet rules to the received packet. 

2. The method of claim 1, further comprising:

(D) prior to act (A), authenticating the identity of the user, wherein act (A) results from 
the authentication. 

3. The method of claim 1, further comprising an act of:

(D) repeating act (C) for all packets received at the port module until the user logs off of 
the communications network. 

4. The method of claim 1, wherein the port module is dedicated to the device of the user
until the user logs off of the communications network. 

5. The method of claim 1, the method further comprising:

(D) selecting the one or more packet rules based on the identity of the user. 

6. The method of claim 5, wherein the identity of the user is associated with a role assigned 
to the user, and the role is associated with the one or more packet rules, and wherein act (D) 
comprises: 

selecting the one or more packet rules based on the role. 






Attorney Docket No. E00378.70179/JHM/DPM 



Filed on: February 8, 2002 



7. The method of claim 6, wherein act (A) further comprises:

configuring the port module according to the role.



8. The method of claim 1, wherein the method further comprises an act of:

(D) routing the packet based on the one or more packet rules.



9. The method of claim 1, wherein the method further comprises an act of:

(D) preventing the packet from being transmitted onto a transmission medium of the
communications network based on the one or more packet rules.

10. The method of claim 1, wherein act (C) comprises:
configuring the packet based on the one or more packet rules. 

11. The method of claim 10, wherein configuring the packet comprises an act of:
changing information included in the received packet. 

12. The method of claim 10, wherein configuring the packet comprises an act of: 
adding information to the received packet. 

13. The method of claim 1, wherein the method further comprises an act of:

(D) controlling an amount of bandwidth on the communications network consumed by 
the user based on the one or more packet rules. 

14. The method of claim 1, wherein the method further comprises an act of: 

(D) controlling access to devices residing on the communications network based on the 
one or more packet rules. 

15. The method of claim 1, wherein the method further comprises an act of: 

(D) controlling access to information stored on devices residing on the communications 
network based on the one or more packet rules. 

16. The method of claim 1, wherein the method further comprises an act of:

(D) controlling access to at least a portion of an application stored on a device residing on 
the communications network based on the one or more packet rules. 

17. A network device serving as an entry point to a communications network for a user and 
operative to control usage of network resources by the user beyond the network device, the 
network device comprising: 

a port module including port configuration logic to configure the port module with one or 
more packet rules corresponding to an identity of the user, a physical port to receive a packet 
from a device of the user and rule application logic to apply the one or more packet rules to the 
received packet before using any of the network resources beyond the network device. 

18. The system of claim 17, further comprising:

authentication logic to authenticate the identity of the user, wherein the configuration 
logic is operative to configure the port module in response to the authentication. 

19. The system of claim 17, wherein the rule application logic is operative to apply the one or
more packet rules to all packets received from the device of the user at the port module until the 
user logs off of the communications network. 

20. The system of claim 17, wherein the port module is dedicated to the device of the user
until the user logs off of the communications network. 

21. The system of claim 17, wherein the port configuration logic is operative to select the one 
or more packet rules based on the identity of the user. 

22. The system of claim 21, wherein the identity of the user is associated with a role assigned 
to the user, and the role is associated with the one or more packet rules, and wherein the port 
configuration logic is operative to select the one or more packet rules based on the role. 

23. The system of claim 22, wherein the port configuration logic is operative to configure the
port module according to the role. 

24. The system of claim 17, wherein the port module is operative to route the packet based
on the one or more packet rules. 

25. The system of claim 17, wherein the port module is operative to prevent the packet from
being transmitted onto a transmission medium of the communications network based on the one 
or more packet rules. 

26. The system of claim 17, wherein the rule application logic is operative to configure the 
packet based on the one or more packet rules. 

27. The system of claim 26, wherein the rule application logic is operative to configure the 
packet by changing information included in the received packet. 

28. The system of claim 26, wherein the rule application logic is operative to configure the 
packet by adding information to the received packet. 

29. The system of claim 17, wherein the port module is operative to control an amount of 
bandwidth on the communications network consumed by the user based on the one or more 
packet rules. 

30. The system of claim 17, wherein the port module is operative to control access to devices 
residing on the communications network based on the one or more packet rules. 

31. The system of claim 17, wherein the port module is operative to control access to
information stored on devices residing on the communications network based on the one or more 
packet rules. 

32. The system of claim 17, wherein the port module is operative to control access to at least
a portion of an application stored on a device residing on the communications network based on 
the one or more packet rules. 

33. A network device serving as an entry point to a communications network for a user, the
network device operative to control usage of network resources beyond the network device by 
the user and comprising: 

a port module including a physical port to receive a packet from a device used by the user 
and rule application logic to apply one or more packet rules to the received packet before using
any of the network resources beyond the network device; and

means for configuring the port module with the one or more packet rules based on an 
identity of the user; 

34. A computer program product, comprising:

a computer-readable medium; and

computer-readable signals stored on the computer-readable medium that define
instructions that, as a result of being executed by a computer, instruct the computer to perform a
process of controlling usage of network resources of a communications network by a user
beyond a network device of the communications network that serves as the user's entry point to
the communications network, the process comprising acts of:

(A) configuring a port module of the network device with one or more packet rules
corresponding to an identity of the user;

(B) receiving a packet from a device used by the user at the port module; and

(C) before using any of the network resources beyond the network device, applying the
one or more packet rules to the received packet.

35. A method of controlling usage of network resources of a communications network by a 
user, wherein the user has an assigned role with respect to the communications network, and the 
assigned role is associated with one or more packet rules, each packet rule including a condition
and action to be taken if a packet received at a device satisfies the condition, the method
comprising acts of: 

(A) receiving a packet including identification information of the user from a device of
the user at a port module of a network device; 

(B) determining the assigned role of the user based on the identification information; and 

(C) configuring the port module with the one or more packet rules associated with the 
assigned role of the user. 

36. The method of claim 35, wherein the network device serves as an entry point to the 
communications network for the user. 

37. The method of claim 35, wherein user information about the user is stored on a
computer-readable medium residing on the communications network, the user information including
identification information and the assigned role of the user, and act (B) further comprises acts of:

accessing the stored user information to determine if the identification information 
included therein matches the identification information included in the received packet; and 

if it is determined that the stored identification information matches the received 
identification information, determining the assigned role from the stored user information. 

38. The method of claim 35, further comprising: 

(D) assigning the assigned role to the user. 

39. The method of claim 35, further comprising: 
(D) authenticating the identity of the user. 

40. A system for controlling usage of network resources of a communications network by a 
user, wherein the user has an assigned role with respect to the communications network, and the 
assigned role is associated with one or more packet rules, each packet rule including a condition 
and action to be taken if a packet received at a device satisfies the condition, the system 
comprising: 

a port module including a physical port to receive a packet including identification 
information of the user from a device of the user and port configuration logic to configure the 
port module with the one or more packet rules associated with the assigned role of the user; and 

an authentication module to determine the assigned role of the user based on the
identification information. 

41. The system of claim 40, wherein the port module serves as an entry point to the
communications network for the user.

42. The system of claim 40, wherein user information about the user is stored on a computer- 
readable medium residing on the communications network, the user information including 
identification information and the assigned role of the user, and 

wherein the authentication module is operative to control accessing the stored user
information to determine if the identification information included therein matches the
identification information included in the received packet, and to determine the assigned role
from the stored user information if it is determined that the stored identification information
matches the received identification information.

43. The system of claim 40, further comprising:

assigning logic to assign the assigned role to the user.

44. The system of claim 40, wherein the authentication module is operative to authenticate the
identity of the user.

45. A system for controlling usage of network resources of a communications network by a 
user, wherein the user has an assigned role with respect to the communications network, and the 
assigned role is associated with one or more packet rules, each packet rule including a condition 
and action to be taken if a packet received at a device satisfies the condition, the system
comprising: 

a port module including a physical port to receive a packet including identification 
information of the user from a device of the user and port configuration logic to configure the 
port module with the one or more packet rules associated with the assigned role of the user; and 

means for determining the assigned role of the user based on the identification
information.

46. A computer program product, comprising: 
a computer-readable medium; and 

computer-readable signals stored on the computer-readable medium that define
instructions that, as a result of being executed by a computer, instruct the computer to perform a
process of controlling usage of network resources of a communications network by a user,
wherein the user has an assigned role with respect to the communications network, and the
assigned role is associated with one or more packet rules, each packet rule including a condition
and action to be taken if a packet received at a device satisfies the condition, the process
comprising acts of:

(A) receiving a packet including identification information of the user from a device of
the user at a port module of a network device;

(B) determining the assigned role of the user based on the identification information; and

(C) configuring the port module with the one or more packet rules associated with the
assigned role of the user.
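
The flow recited in claims 1 and 35 (authenticate, look up the role, configure the port with that role's condition/action rules, apply them to every packet at the entry port) can be sketched as follows. This is an added illustration, not code from the application; the roles, user records, packet fields and the fail-closed defaults are assumptions.

```python
# Added illustration; names, roles and packet fields below are constructed.
import hmac
from dataclasses import dataclass, field
from typing import Callable, Optional

@dataclass
class PacketRule:                 # claim 35: a condition plus an action
    condition: Callable[[dict], bool]
    action: Callable[[dict], Optional[dict]]   # None means "do not transmit"

def drop(pkt): return None        # claim 9: keep the packet off the medium
def tag(key, value):              # claims 11-12: change or add packet information
    return lambda pkt: {**pkt, key: value}

ROLE_RULES = {                    # role -> ordered packet rules (claims 6, 22)
    "guest": [
        PacketRule(lambda p: p["dst"].startswith("10.1."), drop),  # internal hosts
        PacketRule(lambda p: True, tag("priority", 0)),
    ],
    "engineer": [
        PacketRule(lambda p: p["dst_port"] == 23, drop),
        PacketRule(lambda p: True, tag("vlan", 20)),
    ],
}
# Stored user information (claim 37). Constructed values; a real store would
# hold salted credential hashes, not plaintext.
USER_DB = {"alice": ("s3cret-constructed", "engineer"),
           "visitor": ("guest-constructed", "guest")}

@dataclass
class PortModule:
    rules: list = field(default_factory=list)
    configured: bool = False

    def login(self, user: str, credential: str) -> bool:
        stored = USER_DB.get(user)
        if stored is None or not hmac.compare_digest(stored[0], credential):
            return False
        self.rules, self.configured = ROLE_RULES[stored[1]], True
        return True

    def logoff(self) -> None:     # rules stay in force only until logoff
        self.rules, self.configured = [], False

    def receive(self, pkt: dict) -> Optional[dict]:
        """Apply rules at the entry port; the first matching rule decides."""
        if not self.configured:   # assumption: unauthenticated port fails closed
            return None
        for rule in self.rules:
            if rule.condition(pkt):
                return rule.action(pkt)
        return None               # assumption: no match means default deny
```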